General

  • Target

    2024-04-11_d251e07fb50c24af7fbfa05461697196_karagany_mafia

  • Size

    378KB

  • Sample

    240411-s61ffshh4w

  • MD5

    d251e07fb50c24af7fbfa05461697196

  • SHA1

    9ccddf019f618bd884e4f4f16be124ad507e5ab8

  • SHA256

    99f9dbceadeb2225c1e863204e42e35c36caf33d0d8d9d697e5fdf33153857a4

  • SHA512

    d08aa96ddf9f35c466d5ac460e879f19300a2aa4b52f36562bb7108edc03becb73a2df0ff927effc57e308c8ec7a5b77f505e6eada75f0001459ef284ebddc52

  • SSDEEP

    3072:q/yK5d2Gl0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOdW:q/y22Gl0r+EBFrkvlU3RvIUDOIY

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
